iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > News > Security News > Behind The Scenes: Secunia Spars With Autonomy
Search:
[ news_security_news ]

Behind The Scenes: Secunia Spars With Autonomy



David Utter
Staff Writer
2007-12-06

SecurityProNews: Insider Reports Insider Reports RSS Feed


A spat over the disclosure of vulnerabilities and patches with Autonomy's KeyView software has blown up as Secunia published Autonomy's threats against the firm.

The oddest aspect of the conversation Secunia CTO Thomas Kristensen posted online appears to be the arguments both his company and Autonomy's lawyer made.

These seem to be at cross purposes: Secunia has been tracking down which vulnerabilities in various versions of KeyView have been patched, while Autonomy's associate general counsel suggests Secunia's work is libelous and illegal.

It started when a Secunia researcher asked Autonomy for comment on November 28, regarding an advisory about to be published for a vulnerability in KeyView Lotus 1-2-3 File Viewer.

Autonomy's response scolded Secunia for wanting to publish a new advisory when it and IBM had already posted advisories for the flaw, which also had patches available at the time. They demanded Secunia not publish a new advisory and hinted at legal action over Secunia's investigation.

Kristensen entered the conversation, bristling at Autonomy for trying to tell Secunia "when, where, or how we publish details about our vulnerability research."

When Autonomy's counsel accused Secunia of posting false information, Kristensen pointed out two of Autonomy's customers, IBM and Symantec, published similar advisories that did not have the patch information Secunia's advisory did.

"According to your own phrasing, (IBM and Symantec) have 'knowingly' posted 'false' and 'misleading' information, especially the latter. I wonder how their lawyers respond to your claims," said Kristensen.

The whole kerfuffle looks like it could be solved if cooler heads prevail and discuss the issue. Secunia thinks the multiple versions of KeyView may not all have patches available, even though the one for Lotus already has a fix. Autonomy disagrees.


About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.

More news_security_news Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds